CVE-2007-3675

https://notcve.org/view.php?id=CVE-2007-3675

Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. Múltiples vulnerabilidades de cadena de formato en el control ActiveX kavwebscan.CKAVWebScan (kavwebscan.dll) de Kaspersky Online Scanner anterior a 5.0.98 permite a atacantes remotos ejecutar código de su elección mediante especificadores de cadena de formato en "varias funciones de formateo de cadenas", lo cual provoca desbordamientos de búfer basados en montículo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606 http://secunia.com/advisories/27187 http://securitytracker.com/id?1018800 http://www.kaspersky.com/news?id=207575572 http://www.securityfocus.com/bid/26004 http://www.vupen.com/english/advisories/2007/3455 https://exchange.xforce.ibmcloud.com/vulnerabilities/37057 • CWE-134: Use of Externally-Controlled Format String •